I do a POST ajax request when user clicks sign in. In the handler:

```javascript
app.post('/auth', function(req,res,next){

var token = req.body.token
session({ secret: 'keyboard cat', cookie: { maxAge: 60000*60*24 }})
  admin.auth().verifyIdToken(token)
     .then(function(decodedToken) {
       res.send({userID: decodedToken.uid})
     }).catch(function(error) {
       console.log(error.message)
     })
})
```

I am using express-session. My question is why does this cookie not get saved to the user's computer? I tested it out and it's not working.

konyv12

1 Answer

I'm pretty sure you'd need to initialise your session middleware before any routes.

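```javascript
// app, session (express-session) and admin (firebase-admin) are assumed to be set up already.
// Register the session middleware once, before any routes are defined.
app.use(session({
    secret: "keyboard cat",
    cookie: {
        maxAge: 60000*60*24
    }
}));

app.post("/auth", (req, res) => {
    const token = req.body.token;

    admin
        .auth()
        .verifyIdToken(token)
        .then((decodedToken) => {
            res.send({userID: decodedToken.uid})
        }).catch((error) => {
            console.log(error.message)
            // Answer the request on failure as well, otherwise it never completes.
            res.status(401).end();
        });
});
```
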
Pono
  • I can't do app.use, because I want the cookie to be saved only if the user successfully logged in. How can I achieve that? Your solution would add it to anyone visiting the site for the first time. – konyv12 Jun 02 '17 at 08:28
  • Why would you not want to set a cookie for every user? Since every user creates a new session you'd need to save this session ID somewhere - usually a cookie. – Pono Jun 02 '17 at 08:32
  • Because not every user would have access to the *private* members area. – konyv12 Jun 02 '17 at 08:32
  • I want the cookie created only when the user has logged in. – konyv12 Jun 02 '17 at 08:34
  • ... then relying only on a cookie is a very bad idea. Every user has a session and every user has a cookie. It's your responsibility to save auth information in the session. After a successful login you'd say `req.session.user = foobar` and for all protected routes you'd check `if (req.session.user)` – Pono Jun 02 '17 at 08:36
  • If you _really_ want to save only on login (I strongly advise against it) you can check the `saveUninitialized` property https://github.com/expressjs/session#saveuninitialized – Pono Jun 02 '17 at 08:38
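
The pattern discussed in the comments above (session middleware before the routes, `saveUninitialized` turned off, `req.session.user` set on login and checked on protected routes), as an added example that is not code from the question or the answer. `makeAuthHandler`, `requireLogin`, `membersHandler`, the `/members` path and the `SESSION_SECRET` variable are hypothetical names; the `regenerate` call and the cookie flags are additions beyond what the thread covers.

```javascript
// Added example. express-session options: with saveUninitialized false, a new
// session is not stored and no cookie is sent until a handler writes to req.session.
const sessionOptions = {
  secret: process.env.SESSION_SECRET || "dev-only-placeholder", // assumed env var name
  resave: false,
  saveUninitialized: false,
  cookie: { maxAge: 60000 * 60 * 24, httpOnly: true, sameSite: "lax" },
};

// Builds the POST /auth handler. verifyIdToken is injected so the handler can be
// exercised offline; in the app it would be (t) => admin.auth().verifyIdToken(t).
function makeAuthHandler(verifyIdToken) {
  return function authHandler(req, res) {
    return verifyIdToken(req.body.token)
      .then((decodedToken) => new Promise((resolve, reject) => {
        // Issue a fresh session ID at login so a pre-login ID cannot be reused.
        req.session.regenerate((err) => {
          if (err) return reject(err);
          req.session.user = decodedToken.uid; // first write: the cookie is issued now
          res.send({ userID: decodedToken.uid });
          resolve();
        });
      }))
      .catch((error) => {
        // Fail closed: bad token or session error both end in a 401 response.
        console.log(error.message);
        res.status(401).send({ error: "authentication failed" });
      });
  };
}

// Guard for the private members area: only requests with a logged-in session pass.
function requireLogin(req, res, next) {
  if (req.session && req.session.user) return next();
  res.status(401).send({ error: "login required" });
}

// Wiring (assumes express, express-session and firebase-admin are already set up):
//   app.use(session(sessionOptions));                 // before any routes
//   app.post("/auth", makeAuthHandler((t) => admin.auth().verifyIdToken(t)));
//   app.get("/members", requireLogin, membersHandler); // membersHandler: hypothetical
```

Visitors who never log in get a `req.session` object but no `Set-Cookie` header, which is the behaviour asked for in the comments, while the authorization decision still rests on `req.session.user` rather than on the mere presence of a cookie.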